Patch: Enforce npm 8 for Lockfile Version 2+ (#10761)

* set npm 8 as default and lockfileVersion 2+
dependabot · Oct 9, 2024 · 025db54 · 025db54
1 parent 3178303
commit 025db54
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
@@ -15,7 +15,6 @@ module Helpers
         /^.*(?<error>The "yarn-path" option has been set \(in [^)]+\), but the specified location doesn't exist)/
 
       # NPM Version Constants
-      NPM_V9 = 9
       NPM_V8 = 8
       NPM_V6 = 6
       NPM_DEFAULT_VERSION = NPM_V8
@@ -77,7 +76,9 @@ def self.npm_version_numeric_npm8_or_higher(lockfile)
 
         lockfile_version = lockfile_version_str.to_i
 
-        return NPM_V9 if lockfile_version == 3
+        # Using npm 8 as the default for lockfile_version > 2.
+        # Update needed to support npm 9+ based on lockfile version.
+        return NPM_V8 if lockfile_version >= 2
 
         NPM_DEFAULT_VERSION
       rescue JSON::ParserError